2.0 - 6.0 years
0 Lacs
kochi, kerala
On-site
We are looking for a highly motivated Level 1 SOC Threat Hunter to join our Security Operations Center team in Kochi. As an entry-level SOC Analyst, you will play a key role in proactive threat detection and response alongside experienced SOC analysts and incident responders. Your responsibilities will include monitoring security alerts and events using SIEM and other security tools, conducting basic threat hunting across endpoints, network traffic and log sources, investigating anomalies and potential indicators of compromise, and escalating verified threats to senior analysts. You will also assist in refining detection rules, documenting findings, maintaining activity logs and contributing to reports.

To excel in this role, you should have 2-3 years of experience as a SOC Analyst, familiarity with SIEM tools such as ELK and Wazuh, and a strong understanding of network security practices. General knowledge of network services, system log information, host-based firewalls and common network devices is essential. You must also have excellent written and verbal communication skills and be able to adhere to processes and procedures. A Bachelor's degree is required; industry certifications such as CEH, C|SA and CompTIA Security+ are considered beneficial. You should stay updated on emerging security threats and regulatory requirements, and contribute to enhancing SOC security processes and policies.

This is a full-time, permanent role based in Kochi, Kerala, where your main focus will be on proactive threat detection, incident response and continuous enhancement of security processes to safeguard our organization against evolving cyber threats.
Posted 2 days ago
3.0 - 7.0 years
0 Lacs
kochi, kerala
On-site
You are an experienced DevOps engineer responsible for creating systems software, analyzing data, improving existing systems and developing scalable applications. You are proficient in monitoring, troubleshooting and resolving issues, including deployments in multiple environments. Your expertise in computer systems and network functions allows you to work diligently and accurately in fixing issues and ensuring the smooth functioning of clients' businesses.

Your main responsibilities include developing research programs to enhance existing products and explore the potential of new products. You conduct research, design evaluations and document all phases of research and development. You establish and maintain testing procedures, assess research project scopes for timely and result-oriented outcomes, and attend industry conferences on research topics. Understanding customer expectations, evaluating new technologies, maintaining technical documentation and creating impactful demonstrations are also part of your role.

You possess essential skills such as ELK development experience, DevOps experience on AWS cloud, containers and serverless code, as well as knowledge of the Wazuh and ELK development stack. You implement DevOps best practices and have expertise in the tool sets required for parser/use case development, such as Regex, Python, YAML and XML. Your hands-on experience in DevOps, Linux, monitoring, logging tools like Splunk, and strong scripting skills enable you to research, design and implement new software systems, troubleshoot code and deploy software systems effectively. Additionally, you stay updated on emerging security threats, regulatory requirements and security strategies. Your proficiency in cloud systems like AWS and Azure, along with excellent communication skills, further enhances your capabilities in this role.

You are also open to taking on other responsibilities and additional duties as assigned by the security management team or service delivery manager.
Posted 6 days ago
10.0 - 12.0 years
0 Lacs
Navi Mumbai, Maharashtra, India
On-site
About the role: We are seeking an experienced and innovative Director-IT Infra to lead our IT Infrastructure and IT Security teams. The ideal candidate will drive the management and strategic oversight of on-premises datacenter assets, end-user systems and on-cloud SaaS / PaaS / IaaS services with a focus on Microsoft and Open-Source technologies, while leading initiatives to transition workloads from current on-premises to a hybrid cloud ecosystem.

Leadership and Management:
- Work closely with the CTO to define a strategic direction for the organization's IT ecosystem and align it to business objectives, digital transformation initiatives and Right-Fit technology.
- Formulate, strategize and implement IT and InfoSec policies, aligning them to industry standards, best practices / guidelines and organization goals.
- Manage vendor / service provider relationships and run periodic cost optimization through vendor / tool consolidation and timely AMC negotiations / renewals.
- Develop and implement change management processes to ensure smooth transition and adoption of new technologies. Communicate changes to all stakeholders and provide necessary support during change.
- Lead the IT Infra and IT InfoSec teams. Foster an innovation-driven, collaborative, ever-learning and high-performance team environment.

IT Infrastructure Management:
- Lead initiatives to migrate on-premises workloads to Microsoft Azure and integrate Open-Source tools like Docker and Kubernetes. Develop and execute strategies for the migration of data and applications to cloud-based infrastructure.
- Manage on-premises servers running Microsoft Windows Server and Linux Ubuntu on virtualization platforms like VMware ESXi and Linux KVM.
- Ensure the reliability, availability, performance, security and high uptime of all IT assets, including hardware such as Dell servers, HPE servers, SAN data storage, WAN / LAN devices, EPABX systems etc.
- Develop and implement maintenance schedules using tools like Microsoft System Center. Set up, manage and monitor the organization's datacenter operations.
- Oversee network architecture, connectivity uptime and network performance using Cisco routers, switches and other communication devices.
- Set up IT infrastructure monitoring tools to identify and resolve IT infrastructure problems before they can adversely affect critical business processes. Report to the management team on the status of physical, virtual and cloud systems and help ensure availability and performance.

Security and Compliance:
- Implement and manage security measures, including Next-Generation Firewalls, IDS / IPS, VPNs, Next-Generation Endpoint Security, DLP, IRM / EDRM, Web Proxy etc.
- Conduct regular security assessments at server level and network level using tools like Nessus, Nmap etc. to assess security implementation and mitigate vulnerabilities.
- Ensure compliance with security policies and procedures using SIEM solutions like Splunk, and ensure zero data theft and data leakage.
- Monitor and respond to security incidents with solutions like Microsoft Defender for Cloud and Open-Source tools such as Wazuh, OSSEC etc.
- Ensure compliance with industry regulations and standards, maintaining certifications such as ISO 9001, ISO 27001 and PCI DSS.
- Implement disaster recovery and business continuity plans based on best practices and industry standards using solutions such as Commvault, Borg, Veeam etc.

Innovation and Improvement:
- Identify opportunities for technological improvements and innovation with a focus on Microsoft / Open-Source solutions, and build blueprints to transition from older technology, leading to reduced TCO and an enhanced systems experience.
- Promote the adoption of emerging technologies and open-source tools to enhance business / IT operations.
- Set up key IT processes and capture data touchpoints to evaluate IT team performance and OKRs.
- Build a culture of continuous improvement and service excellence.
- Provide leadership to drive Infrastructure and Network Security maturity improvements across the organization, in line with the changing threat landscape, regulatory and compliance requirements etc.
- Rewire the current processes, practices and disciplines for IT Service Management using ITIL principles, aligning IT services with the needs of the business.

Experience:
- At least 10-12 years of relevant experience in IT infrastructure management and information security.
- Must have proven experience leading and managing complex hybrid IT teams.
- Must have proven experience leading initiatives to transition workloads from current on-premises to a hybrid cloud ecosystem.
- Must have proven experience implementing and managing IT Security, Business Continuity Plans, Disaster Recovery Frameworks and Security Audits.
- Must have technical proficiency and hands-on experience with Microsoft technologies (e.g., Windows Server, Azure Services, Microsoft 365, SharePoint etc.) and Open-Source technologies (e.g., Ubuntu Linux, KVM, Docker, Kubernetes etc.).
- Experience managing datacenter operations, network systems and virtualization environments.
- Experience with IT process optimization and implementing change management processes.
- Any relevant industry certifications such as CISSP, CISM, Azure Solutions Architect Expert, Red Hat Certified, Cisco Certified Network Professional etc. will be an added advantage.
- Experience working in a large publication company, management consulting company or Tier 1 startup will be an added advantage.
Posted 3 weeks ago
3.0 - 6.0 years
4 - 7 Lacs
Kochi
Work from Office
Job brief
The Security Operation Centre (SOC) Information Security Analyst is the first level responsible for ensuring the protection of digital assets from unauthorized access, identifying security incidents and reporting them to customers for both online and on-premises environments. The position monitors and responds to security events from managed customer security systems as part of a team on a rotating 24 x 7 x 365 basis. They are alert and aggressive in filtering out suspicious activity and mitigating risks before any incident occurs. Your background should include exposure to security technologies including firewalls, IPS/IDS, logging, monitoring and vulnerability management. You should understand network security practices. Excellent customer service while solving problems should be a top priority for you.

Main Responsibilities
- Tier 1 SOC analysts are incident responders, remediating serious attacks that are escalated, assessing the scope of the attack and the affected systems, and collecting data for further analysis.
- Work proactively to seek out weaknesses and stealthy attackers; review vulnerability assessments (CVEs) on monitored assets.
- Focus on deep dives into datasets to understand what is happening during and after attacks.
- Monitor security events from the various SOC entry channels (SIEM, Tickets, Email and Phone); based on the security event severity and suspicious activity, escalate to managed service support teams, tier 2 information security specialists and/or the customer as appropriate for further investigation and resolution.
- Work as a team lead for the SOC Analysts, helping them ensure that corporate data and technology platform components are safeguarded from known threats.
- Analyse events and incidents and identify the root cause.
- Assist in keeping the SIEM platform up to date and contribute to security strategies as and when new threats emerge.
- Stay up to date with emerging security threats, including applicable regulatory security requirements.
- Bring enhancements to SOC security processes, procedures and policies.
- Document and maintain customer build documents, security procedures and processes.
- Document incidents to contribute to incident response and disaster recovery plans.
- Review critical incident reports and scheduled weekly and monthly reports and make sure they are technically and grammatically accurate.
- Keep updated with new threats and vulnerabilities; create/contribute to use cases, threat hunting etc.
- Other responsibilities and additional duties as assigned by the security management team or service delivery manager.

Requirements:
- Min 1 year of experience as a SOC Analyst (experience with the SIEM tools ELK and Wazuh preferable)
- Process and procedure adherence
- General network knowledge and TCP/IP troubleshooting
- Ability to trace down an endpoint on the network, based on ticket information
- Familiarity with system log information and what it means
- Understanding of common network services (web, mail, DNS, authentication)
- Knowledge of host-based firewalls, Anti-Malware, HIDS
- Understanding of common network device functions (firewall, IPS/IDS, NAC)
- General Desktop OS and Server OS knowledge: TCP/IP, Internet routing, UNIX / LINUX and Windows
- Excellent written and verbal communication skills

Skills:
- Excellent event or log analytical skills
- Proven experience in an IT Security Monitoring or similar role
- Exceptional organizing and time-management skills
- Very good communication abilities
- ELK, Wazuh, Splunk, ArcSight SIEM management skills
- Reporting
Posted 1 month ago
3.0 - 6.0 years
4 - 6 Lacs
Kochi
Work from Office
Job brief
The Security Operation Centre (SOC) Information Security Analyst is the first level responsible for ensuring the protection of digital assets from unauthorized access, identifying security incidents and reporting them to customers for both online and on-premises environments. The position monitors and responds to security events from managed customer security systems as part of a team on a rotating 24 x 7 x 365 basis. They are alert and aggressive in filtering out suspicious activity and mitigating risks before any incident occurs. Your background should include exposure to security technologies including firewalls, IPS/IDS, logging, monitoring and vulnerability management. You should understand network security practices. Excellent customer service while solving problems should be a top priority for you.

Main Responsibilities
- Tier 2 SOC analysts are incident responders, remediating serious attacks escalated from Tier 1, assessing the scope of the attack and the affected systems, and collecting data for further analysis.
- Work proactively to seek out weaknesses and stealthy attackers; review vulnerability assessments (CVEs) on monitored assets.
- Focus on deep dives into datasets to understand what is happening during and after attacks.
- Monitor security events from the various SOC entry channels (SIEM, Tickets, Email and Phone); based on the security event severity and suspicious activity, escalate to managed service support teams, tier 3 information security specialists and/or the customer as appropriate for further investigation and resolution.
- Work as a team lead for the SOC Analysts, helping them ensure that corporate data and technology platform components are safeguarded from known threats.
- Analyse events and incidents and identify the root cause.
- Assist in keeping the SIEM platform up to date and contribute to security strategies as and when new threats emerge.
- Stay up to date with emerging security threats, including applicable regulatory security requirements.
- Bring enhancements to SOC security processes, procedures and policies.
- Document and maintain customer build documents, security procedures and processes.
- Document incidents to contribute to incident response and disaster recovery plans.
- Review critical incident reports and scheduled weekly and monthly reports and make sure they are technically and grammatically accurate.
- Keep updated with new threats and vulnerabilities; create/contribute to use cases, threat hunting etc.
- Other responsibilities and additional duties as assigned by the security management team or service delivery manager.

Requirements:
- Min 3 years of experience as a SOC Analyst (experience with the SIEM tools ELK and Wazuh preferable)
- Process and procedure adherence
- General network knowledge and TCP/IP troubleshooting
- Ability to trace down an endpoint on the network, based on ticket information
- Familiarity with system log information and what it means
- Understanding of common network services (web, mail, DNS, authentication)
- Knowledge of host-based firewalls, Anti-Malware, HIDS
- Understanding of common network device functions (firewall, IPS/IDS, NAC)
- General Desktop OS and Server OS knowledge: TCP/IP, Internet routing, UNIX / LINUX and Windows
- Excellent written and verbal communication skills

Skills:
- Excellent event or log analytical skills
- Proven experience in an IT Security Monitoring or similar role
- Exceptional organizing and time-management skills
- Very good communication abilities
- ELK, Wazuh, Splunk, ArcSight SIEM management skills
- Reporting
Posted 1 month ago
3.0 - 7.0 years
4 - 9 Lacs
Pune
Work from Office
Nexdigm is hiring for a SIEM Analyst/Engineer (Wazuh Specialist) position in Pune. Candidates should have 3 to 7 years of experience in IT, including a minimum of 3 years specifically as a Wazuh Specialist.

Key Responsibilities:
- Set up, configure and manage the Wazuh SIEM solution for IT infrastructure monitoring
- Develop and fine-tune rules for event correlation, alerting and anomaly detection
- Integrate Wazuh with various endpoints, servers, network devices and cloud services
- Build and maintain dashboards for real-time visibility of infrastructure health and security posture
- Collaborate with IT Infrastructure, Network and Security teams for end-to-end event lifecycle management
- Respond to and investigate security alerts, identify root causes and suggest remediation
- Create detailed documentation for configurations, processes and policies
- Maintain and optimize the performance of the Wazuh platform

Required Skills & Expertise:
- Proven hands-on experience of 5+ years, with 3-4 years in Wazuh SIEM deployment and operations
- Strong understanding of SOC (Security Operations Center) services and workflows
- Knowledge of log management, parsing and normalization techniques
- Familiarity with security standards, best practices and frameworks (e.g., MITRE ATT&CK, NIST)
- Good analytical and problem-solving skills
- Ability to work independently and collaborate with cross-functional teams

Educational Qualifications:
- B.E. / Diploma in Computer Engineering or related field

Preferred Qualifications:
- Certifications related to cybersecurity or SIEM tools (e.g. CEH, CompTIA Security+, etc.)
- Experience with other open-source security tools
- Knowledge of scripting (Bash, Python) for automation
Posted 2 months ago